چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Black Hat Go: Go Programming For Hackers and Pentesters 1

Tom Steele, (Security Consultant); Chris Patten; Dan Kottmann

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۲۰
فرمت
PDF
زبان
انگلیسی
حجم فایل
۲۳٫۷ مگابایت
شابک
9781119222019، 9781119497585، 9781593277598، 9781593278267، 9781593278557، 9781593278564، 9781593278595، 9781593278601، 9781593278632، 9781593278656، 9781593278823، 111922201X، 1119497582، 1593277598، 1593278268، 1593278551، 159327856X، 1593278594، 1593278608، 1593278632، 1593278659، 1593278829

دربارهٔ کتاب

Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll learn how to: • Make performant tools that can be used for your own security projects • Create usable tools that interact with remote APIs • Scrape arbitrary HTML data • Use Go's standard package, net/http, for building HTTP servers • Write your own DNS server and proxy • Use DNS tunneling to establish a C2 channel out of a restrictive network • Create a vulnerability fuzzer to discover an application's security weaknesses • Use plug-ins and extensions to future-proof productsBuild an RC2 symmetric-key brute-forcer • Implant data within a Portable Network Graphics (PNG) image. Are you ready to add to your arsenal of security tools? Then let's Go! Title Page Copyright Page About the Authors BRIEF CONTENTS CONTENTS IN DETAIL FOREWORD ACKNOWLEDGMENTS INTRODUCTION Who This Book Is For What This Book Isn’t Why Use Go for Hacking? Why You Might Not Love Go Chapter Overview 1 GO FUNDAMENTALS Setting Up a Development Environment Understanding Go Syntax Summary 2 TCP, SCANNERS, AND PROXIES Understanding the TCP Handshake Bypassing Firewalls with Port Forwarding Writing a TCP Scanner Building a TCP Proxy Summary 3 HTTP CLIENTS AND REMOTE INTERACTION WITH TOOLS HTTP Fundamentals with Go Building an HTTP Client That Interacts with Shodan Interacting with Metasploit Parsing Document Metadata with Bing Scraping Summary 4 HTTP SERVERS, ROUTING, AND MIDDLEWARE HTTP Server Basics Credential Harvesting Keylogging with the WebSocket API Multiplexing Command-and-Control Summary 5 EXPLOITING DNS Writing DNS Clients Writing DNS Servers Summary 6 INTERACTING WITH SMB AND NTLM The SMB Package Understanding SMB Guessing Passwords with SMB Reusing Passwords with the Pass-the-Hash Technique Recovering NTLM Passwords Summary 7 ABUSING DATABASES AND FILESYSTEMS Setting Up Databases with Docker Connecting and Querying Databases in Go Building a Database Miner Pillaging a Filesystem Summary 8 RAW PACKET PROCESSING Setting Up Your Environment Identifying Devices by Using the pcap Subpackage Live Capturing and Filtering Results Sniffing and Displaying Cleartext User Credentials Port Scanning Through SYN-flood Protections Summary 9 WRITING AND PORTING EXPLOIT CODE Creating a Fuzzer Porting Exploits to Go Creating Shellcode in Go Summary 10 GO PLUGINS AND EXTENDABLE TOOLS Using Go’s Native Plug-in System Building Plug-ins in Lua Summary 11 IMPLEMENTING AND ATTACKING CRYPTOGRAPHY Reviewing Basic Cryptography Concepts Understanding the Standard Crypto Library Exploring Hashing Authenticating Messages Encrypting Data Brute-Forcing RC2 Summary 12 WINDOWS SYSTEM INTERACTION AND ANALYSIS The Windows API’s OpenProcess() Function The unsafe.Pointer and uintptr Types Performing Process Injection with the syscall Package The Portable Executable File Using C with Go Summary 13 HIDING DATA WITH STEGANOGRAPHY Exploring the PNG Format Reading Image Byte Data Writing Image Byte Data to Implant a Payload Encoding and Decoding Image Byte Data by Using XOR Summary Additional Exercises 14 BUILDING A COMMAND-AND-CONTROL RAT Getting Started Defining and Building the gRPC API Creating the Server Creating the Client Implant Building the Admin Component Running the RAT Improving the RAT Summary Index A Comprehensive Guide To Penetration Testing Cloud Services Deployed With Microsoft Azure, The Popular Cloud Computing Service Provider Used By Companies Like Warner Brothers And Apple. A Comprehensive Guide To Penetration Testing Cloud Services Deployed In Microsoft Azure, The Popular Cloud Computing Service Provider Used By Numerous Companies Large And Small. You'll Learn How To: -find Security Issues Related To Multi-factor Authentication And Management Certificates -make Sense Of Azure's Services By Using Powershell Commands To Find Ip Addresses, Administrative Users, And Firewall Rules -discover Security Configuration Errors That Could Lead To Exploits Against Azure Storage And Keys -uncover Weaknesses In Virtual Machine Settings That Enable You To And Acquire Passwords, Binaries, Code, And Settings Files -penetrate Networks By Enumerating Firewall Rules -investigate Specialized Services Like Azure Key Vault And Azure Websites -know When You Might Be Caught By Viewing Logs And Security Events Packed With Real-world Examples From The Author's Experience As A Corporate Penetration Tester, Sample Scripts From Pen-tests And Defenders Tips That Explain How Companies Can Reduce Risk, Pentesting Azure Provides A Clear Overview Of How To Effectively Perform Security Tests So That You Can Provide The Most Accurate Assessments Possible--,a Guide To Penetration Testing Cloud Services Deployed In Microsoft Azure, The Popular Cloud Computing Service Provider Used By Numerous Companies--provided By Publisher-- If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment. First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: •Cover your tracks by changing your network information and manipulating the rsyslog logging utility •Write a tool to scan for network connections, and connect and listen to wireless networks •Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email •Write a bash script to scan open ports for potential targets •Use and abuse services like MySQL, Apache web server, and OpenSSH •Build your own hacking tools, such as a remote video spy camera and a password cracker Hacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers? Covers Kali Linux and Python 3 Like the best-selling Black Hat Python , Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset. Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll learn how Are you ready to add to your arsenal of security tools? Then let's Go! Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization. Security has become a "big data" problem. The growth rate of malware has accelerated to tens of millions of new files per year while our networks generate an ever-larger flood of security-relevant data each day. In order to defend against these advanced attacks, you'll need to know how to think like a data scientist. In Malware Data Science, security data scientist Joshua Saxe introduces machine learning, statistics, social network analysis, and data visualization, and shows you how to apply these methods to malware detection and analysis. You'll learn how to: - Analyze malware using static analysis - Observe malware behavior using dynamic analysis - Identify adversary groups through shared code analysis - Catch 0-day vulnerabilities by building your own machine learning detector - Measure malware detector accuracy - Identify malware campaigns, trends, and relationships through data visualization Whether you're a malware analyst looking to add skills to your existing arsenal, or a data scientist interested in attack detection and threat intelligence, Malware Data Science will help you stay ahead of the curve This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography. You'll also learn: Key concepts in cryptography, such as computational security, attacker models, and forward secrecy The strengths and limitations of the TLS protocol behind HTTPS secure websites Quantum computation and post-quantum cryptography About various vulnerabilities by examining numerous code examples and use cases How to choose the best algorithm or protocol and ask vendors the right questions Each chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls. Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will provide a complete survey of modern encryption and its applications. "This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You'll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography. You'll also learn: Key concepts in cryptography, such as computational security, attacker models, and forward secrecy; The strengths and limitations of the TLS protocol behind HTTPS secure websites; Quantum computation and post-quantum cryptography; About various vulnerabilities by examining numerous code examples and use cases; How to choose the best algorithm or protocol and ask vendors the right questions"--Provided by publisher Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like performing vulnerability scans, malware analysis, and incident response. With some help from Mono, you can write your own practical security tools that will run on Windows, Mac, Linux, and even mobile devices. Following a crash course in C# and some of its advanced features, you'll learn how Streamline and simplify your work day with Gray Hat C# and C#'s extensive repertoire of powerful tools and libraries. Encryption -- Randomness -- Cryptographic Security -- Block Ciphers -- Stream Ciphers -- Hash Functions -- Keyed Hashing -- Authenticated Encryption -- Hard Problems -- Rsa -- Diffie-hellman -- Elliptic Curves -- Tls -- Quantum And Post-quantum. Jean-philippe Aumasson. Includes Bibliographical References And Index. "A guide to Go that begins by introducing fundamentals like data types, control structures, and error handling. Provides instruction on how to use Go for tasks such as sniffing and processing packets, creating HTTP clients, and writing exploits."-- Provided by publisher "Teaches how to use C#'s set of core libraries to automate tasks like performing vulnerability scans, malware analysis, and incident response. Teaches how to write practical security tools that will run on Mac, Linux, and mobile devices"-- Provided by publisher Aimed at helping readers build a foundation of Linux skills, this guide also addresses MySQL, postgresql, and Python scripting. The guide also provides access to numerous real-world examples and hands-on exercises.--adapted from publisher's description "Builds a foundation of Linux skills; this guide also addresses MySQL, postgresql, and Python scripting. Provides access to numerous real-world examples and hands-on exercises"-- Provided by publisher

قیمت نهایی

۴۴٬۰۰۰ تومان